Hello, guys!
I'm using iptables for my security firewall, but the interesting part is that when I installed webmin on default port 10000, I was able to access the webmin from outside, despite my firewall configuration which is configured to DROP by default, and only a few ports are allowed.
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:965
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere tcp dpt:8009
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:http
Where is my mistake in iptables?
Re: Where is my mistake in iptables?
This looks like a wide open firewall to me...
rozeto wrote:
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
[!] --state state
Where state is a comma separated list of the connection states to match. Possible states are
INVALID meaning that the packet could not be identified for some reason which includes running out
of memory and ICMP errors which don't correspond to any known connection, ESTABLISHED meaning that
the packet is associated with a connection which has seen packets in both directions, NEW meaning
that the packet has started a new connection, or otherwise associated with a connection which has
not seen packets in both directions, and RELATED meaning that the packet is starting a new
connection, but is associated with an existing connection, such as an FTP data transfer, or an
ICMP error. UNTRACKED meaning that the packet is not tracked at all, which happens if you use the
NOTRACK target in raw table.
Root is evil: Do not use root (sudo) to run any of the commands specified in my posts unless explicitly indicated. Please, provide the necessary amount of context to understand your problem/question.
Re: Where is my mistake in iptables?
Yes, remove NEW from that line.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
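The fix the two replies point at, as an added example that is not code from the thread: the posted catch-all rule beside the corrected one (NEW removed, so only replies to already-accepted connections get through), plus a small audit over `iptables -L`-style output that flags any INPUT rule admitting all protocols from anywhere with NEW in its state list. The listing below is constructed to mirror the poster's output, not captured from their host.

```python
import re

# Constructed sample in the shape of the poster's `iptables -L` output.
WEAK_INPUT_CHAIN = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:965
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http
"""

# Corrected chain: without NEW, the catch-all only passes packets that belong
# to a connection some explicit port rule already accepted. The equivalent
# replacement rule on the host would be:
#   iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# (-m conntrack --ctstate is the current spelling of the -m state match quoted
# from the man page above; both are listed the same way by `iptables -L`.)
FIXED_INPUT_CHAIN = WEAK_INPUT_CHAIN.replace(
    "state NEW,RELATED,ESTABLISHED", "state RELATED,ESTABLISHED"
)

ANY = {"anywhere", "0.0.0.0/0", "::/0"}  # how -L prints an unrestricted address


def find_open_rules(listing):
    """Return [(line_no, rule_text)] for INPUT rules that ACCEPT every protocol
    from any source to any destination and either carry no state match at all
    or include NEW, i.e. rules that let unsolicited connections to every port."""
    findings = []
    chain = None
    for n, line in enumerate(listing.splitlines(), 1):
        m = re.match(r"Chain (\S+)", line)
        if m:
            chain = m.group(1)
            continue
        if chain != "INPUT" or line.startswith("target"):
            continue
        fields = line.split()
        if len(fields) < 5:
            continue
        target, proto, _opt, src, dst = fields[:5]
        if target != "ACCEPT" or proto != "all" or src not in ANY or dst not in ANY:
            continue
        sm = re.search(r"(?:state|ctstate) (\S+)", " ".join(fields[5:]))
        if sm is None or "NEW" in sm.group(1).split(","):
            findings.append((n, line))
    return findings
```

The non-verbose listing hides `-i`/`-o` restrictions, so a loopback-only `-i lo` catch-all would also be flagged; confirm any hit against `iptables -S`, which prints the full rule.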